Re: LDAP extensions for subtrees.

[merrells@netscape.com (John Merrells)]

Bruce Greenblatt wrote:
> 
> Here's a little draft that I wrote that describes some extended operations
> that work against subtrees in LDAP.  In attempting to build LDAP
> applications requirements for copying, modifying and deleting subtrees come
> up repeatedly.  These types of operations are most effectively performed by
> LDAP servers atomically, rather than by LDAP clients through the use of the
> standard LDAP operations.  So, see:
> http://search.ietf.org/internet-drafts/draft-greenblatt-ldapext-sos-00.txt,
> or another I-D repository near you...

Copy...

If access control prevents a parent entry from being read... are the children
copied? This would violate the ldap constraint that every entry much have a
parent. In LDUP terms the copy is a sparse replica.

If access control prevents some attributes from being copied, the resultant
copy of the entry may violate the schema.

The filter, just as access control, can create a sparse replica of the subtree.

Delete...

If access control prevents the deletion of an entry then it's parents entries
up to the root will remain. But, if the operation were atomic then shouldn't
all other entries not be deleted too?


John